Fetches parameters recursively from AWS SSM Parameter Store at the given PARAMETER_PATH(s). Then executes PROGRAM with the parameters supplied as ENV variables.
Before passing the parameters to the PROGRAM, their names will be transformed as follows:
- Remove PARAMETER_PATH prefix
- Replace the symbols . (period), - (hyphen) and / (forward slash) with _ (underscore)
- Made UPPERCASE
Conflicting parameters will resolve to the value of the last one found. Any existing ENV variables (unless --clean-env is specified) will be passed along and takes precedence over parameters with the same name - to allow overriding specific parameters (e.g in development environment).
Given the following parameters:
| name | value |
+----------------+--------+
| /one/user-name | user-1 |
| /one/password | pass-1 |
| /two/user-name | user-2 |
| /two/password | pass-2 |
And the following existing ENV vars
| name | value |
+--------------+----------+
| TWO_PASSWORD | from-env |
When requesting: [/, /one, /two]
Then the following ENV variables will be available:
| name | value | comment |
+---------------+----------+--------------------------+
| ONE_USER_NAME | user-1 | / |
| ONE_PASSWORD | pass-1 | / |
| TWO_USER_NAME | user-2 | / |
| TWO_PASSWORD | from-env | /, superceded by ENV var |
| USER_NAME | user-2 | /one, superceded by /two |
| PASSWORD | pass-2 | /one, superceded by /two |
- Clone the repo
- Run
cargo install --path .
Download the desired version from the releases page.
When started, the tool will try to detect your current AWS credentials in the following order:
- From ENV variables
- From
~/.aws/credentials
- From the instance metadata service (useful on EC2 instances)
pse /path/to/parameters -- env
Use the --help
option for further information on how to invoke the tool.
FROM alpine
# install a specific binary release
ARG pse_version=latest
ADD https://github.com/neochrome/parameter-store-executor/releases/download/${pse_version}/pse-linux-amd64 /pse
# -- or --
# use the latest released version
ADD https://github.com/neochrome/parameter-store-executor/releases/latest/download/pse-linux-adm64 /pse
# make the binary executable
RUN chmod +x /pse
The binary release is additionally pushed to Docker Hub and may be installed using
a COPY --from
statement like so:
# install a specific binary release
COPY --from=neochrome/parameter-store-executor:0.2.0 /pse /
# -- or --
# use the latest version
COPY --from=neochrome/parameter-store-executor:latest /pse /
# make the binary executable
RUN chmod +x /pse
The tool may be specified as the ENTRYPOINT
of a docker image to allow for
easy use of AWS SSM Parameter Store parameters with your application:
FROM alpine
# install the binary release using one of the methods above
# specify AWS_REGION unless passed from outside your container
ENV AWS_REGION=eu-west-1
# use an ENV var to specify the parameter(s) to use
ENV PARAMETER_PATH=/some/path
ENTRYPOINT /pse "$PARAMETER_PATH" -- env
# -- or --
# specify the parameter(s) directly in the ENTRYPOINT
# and optionally use CMD
ENTRYPOINT [ "/pse", "/some/path", "--" ]
CMD ["env"]
When launching the container you need to pass the set of credentials to be used either as ENV variables or by mounting the credentials as a volume.
Using the docker
commandline:
docker run -e AWS_ACCESS_KEYID -e AWS_SECRET_ACCESS_KEY your_image
Using docker-compose
:
version: '3'
services:
app:
image: your_image
environment:
- AWS_ACCESS_KEYID
- AWS_SECRET_ACCESS_KEY
Using the docker
commandline:
docker run -v $HOME/.aws/credentials:/root/.aws/credentials:ro your_image
Using docker-compose
:
version: '3'
services:
app:
image: your_image
volumes:
- $HOME/.aws/credentials:/root/.aws/credentials:ro
- Fork it (https://github.com/neochrome/parameter-store-executor/fork)
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'feat: some new feature'
), make sure to use https://www.conventionalcommits.org/. - Push to the branch (
git push origin my-new-feature
) - Create a new Pull Request
Releases are automated using Release Please.